Hosting an application in the cloud has benefits, but unwanted traffic can have a negative impact on workloads and it can result in significant costs.

The App Engine firewall will return an HTTP 403 Forbidden response to requests from denied IP addresses before they hit the application, said Lorne Kligerman, product manager at Google in a blog post.

“App Engine firewall replaces the need for a code-based solution within your app that still allows requests in, but which can cost you resources and still expose your app,” Kligerman said.

The App Engine firewall can be accessed from the Google Cloud Console or via the App Engine Admin API and the gcloud command-line tool. Users can specify which IPs they want to allow.

They can also deny certain types of traffic, including denial-of-service (DoS) and other attacks. Users are also offered a “Test IP” feature that allows them to check if the rules they’ve configured work properly.

Since the App Engine firewall is still in beta, Google did suggest not using it in production environments.